add relationship between Cardinal RAT and EVILNUM

clusters/rat.json

@@ -2547,6 +2547,16 @@
           "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
         ]
       },
+      "related": [
+  {
+    "dest-uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+    "tags": [
+      "estimative-language:likelihood-probability=\"likely\""
+    ],
+    "type": "similar"
+  }
+],
+
       "uuid": "cb23f563-a8b9-4427-9884-594e8d3cc836",
       "value": "Cardinal"
     },
@@ -3321,5 +3331,5 @@
       "value": "H-worm"
     }
   ],
-  "version": 25
+  "version": 26
 }

clusters/tool.json

@@ -4991,6 +4991,16 @@
           "type": "similar"
         }
       ],
+      "related": [
+  {
+    "dest-uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+    "tags": [
+      "estimative-language:likelihood-probability=\"likely\""
+    ],
+    "type": "similar"
+  }
+],
+
       "uuid": "1d9fbf33-faea-40c1-b543-c7b39561f0ff",
       "value": "Cardinal RAT"
     },
@@ -7584,7 +7594,43 @@
       ],
       "uuid": "bb6492fa-36b5-4f4a-a787-e718e7f9997f",
       "value": "SLUB Backdoor"
+    },
+    {
+      "description": "In 2017, Unit 42 reported on and analyzed a low-volume malware family called Cardinal RAT. This malware family had remained undetected for over two years and was delivered via a unique downloader named Carp Downloader.",
+      "meta": {
+        "refs": [
+          "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
+        ]
+      },
+      "uuid": "8fb35101-dad6-4628-84ab-905afacb986b",
+      "value": "Carp Downloader"
+    },
+    {
+      "description": "EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.",
+      "meta": {
+        "refs": [
+          "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "cb23f563-a8b9-4427-9884-594e8d3cc836",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        },
+        {
+          "dest-uuid": "1d9fbf33-faea-40c1-b543-c7b39561f0ff",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
+      "uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+      "value": "EVILNUM"
     }
   ],
-  "version": 114
+  "version": 115
 }